Vulnerability CVE-2011-5174


Published: 2012-09-15

Description:
Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Intel -> Q35 express chipset 
Intel -> 3450 chipset 
Intel -> Q57 chipset 
Intel -> 5500 chipset 
Intel -> Q67 express chipset 
Intel -> 5520 chipset 
Intel -> X58 chipset 
Intel -> 7500 chipset 
Intel -> Sinit authenticated code module 
Intel -> C202 chipset 
Intel -> C204 chipset 
Intel -> C206 chipset 
Intel -> Mobile intel gm45 chipset 
Intel -> Mobile intel gs45 chipset 
Intel -> Mobile intel pm45 express chipset 
Intel -> Mobile intel qm57 chipset 
Intel -> Mobile intel qm67 chipset 
Intel -> Mobile intel qs57 chipset 
Intel -> Mobile intel qs57 express chipset 
Intel -> Mobile intel qs67 chipset 

 References:
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/71625

Copyright 2024, cxsecurity.com

 

Back to Top